hscta.net

This is where you should report issues arising from the subscription filters.
HubSpotSteve
New Member
Posts: 6
Joined: Mon Feb 15, 2016 5:02 pm

Post by HubSpotSteve »

Filter:

||hscta.net^$third-party
This domain is used to serve JS that provides website functionality. That JS is https://js.hscta.net/cta/current.js
This is used by HubSpot customers to include HTML buttons on their websites, and allows them to edit these buttons in a central place, and to run A/B tests on buttons.

We have a fallback system in place to serve a static image instead of a rich HTML button, but this system is far from perfect. Some examples:

http://www.keatingschoolofmotoring.ie/
Expected:
http://i.imgur.com/3QxbhZG.jpg

Actual, with EasyPrivacy blocking:
http://i.imgur.com/IuGqgMh.jpg

https://www.ipaper.io/
Expected:
http://i.imgur.com/bbk50ZQ.jpg

Actual, with EasyPrivacy blocking:
http://i.imgur.com/A2KTp87.jpg

Since this offers website functionality, and is just a static JS file, I don't believe it should be blocked.

Happy to answer any questions you may have.
-Steve
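
The scope of the filter quoted in the post above, as an added example that is not part of the original thread and is not the Adblock Plus engine: a minimal matcher for `||host^` rules with the `$third-party` option. It assumes the registrable domain is the last two host labels (no Public Suffix List), and the first-party and look-alike URLs are constructed.

```javascript
// Added example: minimal matcher for the one rule discussed in this thread.
// Supports only the "||host^" pattern with an optional $third-party option.
const RULE = "||hscta.net^$third-party";

// Assumption: registrable domain = last two labels (no Public Suffix List).
function baseDomain(host) {
  return host.split(".").slice(-2).join(".");
}

function parseRule(rule) {
  const [pattern, options = ""] = rule.split("$");
  const m = /^\|\|([^\^\/]+)\^$/.exec(pattern);
  if (!m) throw new Error("unsupported rule: " + rule);
  return {
    host: m[1],
    thirdPartyOnly: options.split(",").includes("third-party"),
  };
}

function isBlocked(rule, requestUrl, pageUrl) {
  const { host, thirdPartyOnly } = parseRule(rule);
  const reqHost = new URL(requestUrl).hostname;
  const pageHost = new URL(pageUrl).hostname;
  // "||" anchors at a label boundary: the host itself or any subdomain.
  // "^" needs a separator or end of URL after the host; a parsed hostname
  // is always followed by "/", ":" or nothing, so that part always holds.
  const hostMatches = reqHost === host || reqHost.endsWith("." + host);
  if (!hostMatches) return false;
  if (!thirdPartyOnly) return true;
  // $third-party: block only when the page is on a different site.
  return baseDomain(reqHost) !== baseDomain(pageHost);
}

const SCRIPT = "https://js.hscta.net/cta/current.js"; // URL from the post
const cases = [
  [SCRIPT, "http://www.keatingschoolofmotoring.ie/"], // site from the post
  [SCRIPT, "https://www.ipaper.io/"],                 // site from the post
  [SCRIPT, "https://www.hscta.net/"],                 // constructed first-party page
  ["https://nothscta.net/x.js", "https://www.ipaper.io/"], // constructed look-alike
];
for (const [req, page] of cases) {
  console.log(isBlocked(RULE, req, page), req, "on", page);
}
```
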
fanboy
EasyList Author
Posts: 12220
Joined: Wed Sep 05, 2007 8:17 pm

Post by fanboy »

Looking at the script in question, it looks like a tracking/analytics script.

http://pastebin.com/raw/GG8AcEh0
HubSpotSteve
New Member
Posts: 6
Joined: Mon Feb 15, 2016 5:02 pm

Post by HubSpotSteve »

Hi fanboy,

The script optionally includes tracking information, but it does not require it.

That JS makes a request to our API, which does two things:
1. If and only if there is tracking information attached to the request, it selects a version of the button to show based on the visitor. For example, based on the IP location of the visitor, or whether this is their first or return visit.
2. With or without tracking information, it returns the HTML + CSS of that Call-to-Action button (this involves no tracking). If there is no tracking information, it will return the HTML + CSS of the default button.

Now, the obvious question is how a user can opt out of this tracking.

That script never sets a cookie. Here's the full, unminified script which is a bit easier to read: http://pastebin.com/raw/NDWy8yW8
You can see that there are calls to read the cookie (the cookie is called 'hubspotutk'), but never to set the cookie.

The thing that sets the cookie is a separate system, HubSpot Analytics, which runs on js.hs-analytics.net and track.hubspot.com, and which is already blocked, which is correct.

This is why I believe hscta.net should not be blocked. It offers actual website functionality (the HTML buttons), and does not do any tracking itself. A user will not be tracked if they do not have HubSpot Analytics (js.hs-analytics.net) which would be blocked in this case, so all hscta.net will do is serve down a default, HTML and CSS button with no tracking whatsoever.

What do you think?
fanboy
EasyList Author
Posts: 12220
Joined: Wed Sep 05, 2007 8:17 pm

Post by fanboy »

HubSpotSteve
New Member
Posts: 6
Joined: Mon Feb 15, 2016 5:02 pm

Post by HubSpotSteve »

Thank you :)